General Data Protection Regulation (GDPR)

Protect data and comply with the GDPR


soVision IT is a Cyber Essentials Certification Partner helping organisations in Bristol, Bath and the South West to achieve the Government Cyber Essentials Certification and comply with the GDPR.

The EU General Data Protection Regulation (GDPR), which replaces the Data Protection Directive 95/46/EC, brings wide-ranging changes to the legislation on personal data protection in Europe. Specialists say that we are witnessing a real revolution, considering how these changes will affect both small and large businesses in Europe and beyond.

What is GDPR?

GDPR is a general regulation on the protection of individuals with regard to the processing of personal data. It introduces a single set of rules that applies in all member states of the European Union. Individuals gain additional control over their personal data, transparency about how that data is used is required, and organisations must put controls in place to protect it.

Does GDPR apply to your company?

The quick and simple answer is “Yes”. GDPR applies to organisations of any size and in any sector that process personal data. The law covers companies, government agencies, non-profit organisations and any other organisation that provides goods and services to people in the European Union or that collects and analyses data about individuals in the EU.

More precisely, the regulation will be directly applicable to any company that:

Provides goods or services to individuals in the member states of the European Union;

Monitors the behaviour of individuals in EU member states;

Has employees or an establishment in European Union member states.

When is GDPR coming into effect?

The EU’s General Data Protection Regulation (GDPR) applies from 25 May 2018, when it supersedes the UK Data Protection Act 1998. The 25th of May is not the day when organisations should start working on becoming compliant, but the day from which organisations are obliged to be compliant.

What are the consequences of not complying with GDPR?

Fines of up to €20 million or up to 4 per cent of total worldwide annual turnover of the preceding financial year, whichever is greater.

It is very important to mention that responsibility for non-compliance is shared between the data controller (the organisation that decides why and how personal data is processed) and any data processor that handles that data on the controller’s behalf. For example, if your company shares personal data with a supplier, you must ensure the supplier is also GDPR compliant and that a written contract governing the processing is in place.

TOP 5 GDPR Requirements

Personal Data

According to GDPR, individuals have the right to know if an organisation is processing their personal data and to understand the purposes of that processing.

Any person has the right to ask the organisation to delete, correct or stop processing their data, to object to direct marketing, and to withdraw consent for particular uses of their data.

The GDPR introduces a new right to data portability, giving individuals the right to move their data elsewhere and, where technically feasible, to have it transmitted directly to another controller. Data controllers must therefore be able to hand over the personal data the individual has provided in a structured, commonly used and machine-readable format.

Securing personal data

GDPR requires organisations to secure personal data with technical and organisational measures appropriate to the risk, taking into account the sensitivity of the data.

In the event of a personal data breach, the data controller must notify the supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. In addition, if the breach is likely to result in a high risk to the rights and freedoms of individuals, the organisation must also notify the affected people without undue delay.

Processing personal data

Processing personal data must rest on a lawful basis. Consent is only one of the available bases (others include performance of a contract, a legal obligation and legitimate interests), but where an organisation relies on consent it must be able to demonstrate that the individual actually gave it.

The GDPR defines consent as: “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”. Pre-ticked boxes, silence or inactivity do not meet this definition.

Data protection impact assessments

Organisations need to carry out a data protection impact assessment (DPIA) before starting any processing that is likely to result in a high risk to individuals, so that the privacy impact of a project is anticipated and addressed before it goes live.

In order to demonstrate compliance with the GDPR, records of processing activities and evidence of consent to data processing must be maintained.

GDPR compliance

In order to ensure compliance with GDPR, organisations are encouraged to implement a privacy culture in order to protect the rights and interests of individuals with regard to their personal data.

Failure to comply with GDPR may result in serious fines and business partners' refusal to collaborate with your organisation.

GDPR compliance is not a one-time step; it is a continuous process of monitoring data processing and ensuring its security. One of the first steps you might take is becoming Cyber Essentials certified.

The GDPR requires you to secure all the personal data that you are processing: employee data, customer data, partners’ data and so on. Cyber Essentials covers five baseline technical controls (boundary firewalls, secure configuration, user access control, malware protection and patch management). Achieving the certification does not on its own make you GDPR compliant, but in the event of a data breach it allows you to show that you had at least this baseline of technical security measures in place.

Cyber Essentials (CE) is a government-backed cyber security certification scheme whose controls, according to the UK government, can prevent around 80% of common cyber attacks. Cyber Essentials not only helps your company reduce its exposure to these common threats, but also helps you to:

Maintain business reputation

Save on potential IT costs

Focus on your core business objectives

Bid for UK government contracts

Gain competitive advantage

Last, but not least, it helps you to comply with the GDPR and other laws.

soVision IT is a Cyber Essentials Certification Partner helping organisations in Bristol, Bath and the South West to achieve the Government Cyber Essentials Certification and comply with the GDPR. Being a complete ICT provider gives us the advantage of having all the resources to solve any IT security challenge that your company might be facing.